<?php
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart                                                                      |
| Copyright (c) 2001-2007 Ruslan R. Fazliev <rrf@rrf.ru>                      |
| All rights reserved.                                                        |
+-----------------------------------------------------------------------------+
| PLEASE READ  THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" |
| FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE  |
| AT THE FOLLOWING URL: http://www.x-cart.com/license.php                     |
|                                                                             |
| THIS  AGREEMENT  EXPRESSES  THE  TERMS  AND CONDITIONS ON WHICH YOU MAY USE |
| THIS SOFTWARE   PROGRAM   AND  ASSOCIATED  DOCUMENTATION   THAT  RUSLAN  R. |
| FAZLIEV (hereinafter  referred to as "THE AUTHOR") IS FURNISHING  OR MAKING |
| AVAILABLE TO YOU WITH  THIS  AGREEMENT  (COLLECTIVELY,  THE  "SOFTWARE").   |
| PLEASE   REVIEW   THE  TERMS  AND   CONDITIONS  OF  THIS  LICENSE AGREEMENT |
| CAREFULLY   BEFORE   INSTALLING   OR  USING  THE  SOFTWARE.  BY INSTALLING, |
| COPYING   OR   OTHERWISE   USING   THE   SOFTWARE,  YOU  AND  YOUR  COMPANY |
| (COLLECTIVELY,  "YOU")  ARE  ACCEPTING  AND AGREEING  TO  THE TERMS OF THIS |
| LICENSE   AGREEMENT.   IF  YOU    ARE  NOT  WILLING   TO  BE  BOUND BY THIS |
| AGREEMENT, DO  NOT INSTALL OR USE THE SOFTWARE.  VARIOUS   COPYRIGHTS   AND |
| OTHER   INTELLECTUAL   PROPERTY   RIGHTS    PROTECT   THE   SOFTWARE.  THIS |
| AGREEMENT IS A LICENSE AGREEMENT THAT GIVES  YOU  LIMITED  RIGHTS   TO  USE |
| THE  SOFTWARE   AND  NOT  AN  AGREEMENT  FOR SALE OR FOR  TRANSFER OF TITLE.|
| THE AUTHOR RETAINS ALL RIGHTS NOT EXPRESSLY GRANTED BY THIS AGREEMENT.      |
|                                                                             |
| The Initial Developer of the Original Code is Ruslan R. Fazliev             |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2007           |
| Ruslan R. Fazliev. All Rights Reserved.                                     |
+-----------------------------------------------------------------------------+
\*****************************************************************************/

#
# $Id: func.user.php,v 1.13.2.14 2007/10/03 07:44:23 ferz Exp $
#

if ( !defined('XCART_START') ) { header("Location: ../"); die("Access denied"); }

#
# Delete profile from customers table + all associated information
#
function func_delete_profile($user,$usertype, $is_redirect = true) {
	global $files_dir_name, $single_mode, $sql_tbl;
	global $active_modules;

	x_load('files','product');

	if ($usertype == "A" || ($active_modules["Simple_Mode"] && $usertype == "P")) {
		$users_count = func_query_first_cell("SELECT COUNT(*) FROM $sql_tbl[customers] WHERE usertype='$usertype'");
		if ($users_count == 1) {
			if ($is_redirect)
				func_header_location("error_message.php?last_admin");
			return false;
		}
	}

	if ($usertype=="P" && !$single_mode) {
		# If user is provider delete some associated info to keep DB integrity
		# Delete products
		#
		$products = func_query("SELECT productid FROM $sql_tbl[products] WHERE provider='$user'");
		if (!empty($products)) {
			foreach($products as $product)
				func_delete_product($product["productid"]);
		}

		#
		# Delete Shipping, Discounts, Coupons, States/Tax, Countries/Tax
		#
		db_query("DELETE FROM $sql_tbl[shipping_rates] where provider='$user'");
		db_query("DELETE FROM $sql_tbl[discounts] where provider='$user'");
		db_query("DELETE FROM $sql_tbl[discount_coupons] where provider='$user'");
		db_query("DELETE FROM $sql_tbl[extra_fields] where provider='$user'");
		db_query("DELETE FROM $sql_tbl[tax_rates] where provider='$user'");
		db_query("DELETE FROM $sql_tbl[zones] where provider='$user'");

		#
		# Delete provider's file dir
		#
		@func_rm_dir ("$files_dir_name/$user");
	}

	#
	# If it is partner, then remove all his information
	#
	if ($usertype == "B" && func_query_first_cell("SELECT COUNT(*) FROM $sql_tbl[modules] WHERE module_name='XAffiliate'") > 0) {
		if (empty($active_modules["XAffiliate"])) {
			include $xcart_dir."/modules/XAffiliate/config.php";
		}

		db_query("DELETE FROM $sql_tbl[partner_clicks] WHERE login='$user'");
		db_query("DELETE FROM $sql_tbl[partner_commissions] WHERE login='$user'");
		db_query("DELETE FROM $sql_tbl[partner_payment] WHERE login='$user'");
		db_query("DELETE FROM $sql_tbl[partner_views] WHERE login='$user'");
		db_query("UPDATE $sql_tbl[customers] SET parent = '' WHERE parent = '$user' AND usertype = '$usertype'");
	}

	db_query("DELETE FROM $sql_tbl[register_field_values] WHERE login='$user'");
	db_query("DELETE FROM $sql_tbl[customers] WHERE login='$user' AND usertype='$usertype'");
	db_query("DELETE FROM $sql_tbl[login_history] WHERE login='$user'");
	db_query("DELETE FROM $sql_tbl[stats_customers_products] WHERE login='$user'");

	if (!empty($active_modules['Special_Offers'])) {
		db_query("DELETE FROM $sql_tbl[customer_bonuses] WHERE login = '$user'");
	}

}

#
# Get information associated with user
#
function func_userinfo($user, $usertype, $need_password=false, $need_cc=false, $profile_area=NULL) {
	global $sql_tbl, $single_mode, $shop_language, $default_user_profile_fields, $config;
	global $active_modules;
	global $store_cc, $store_cvv2;

	if ($need_password || $need_cc)
		x_load('crypt');

	if (is_null($profile_area) || empty($profile_area))
		$profile_area = $usertype;

	if (!is_array($profile_area))
		$profile_area = array($profile_area);


	$userinfo = func_query_first("SELECT $sql_tbl[customers].*, $sql_tbl[memberships].membership, pm.membership as pending_membership, $sql_tbl[memberships].flag FROM $sql_tbl[customers] LEFT JOIN $sql_tbl[memberships] ON $sql_tbl[memberships].membershipid = $sql_tbl[customers].membershipid LEFT JOIN $sql_tbl[memberships] as pm ON pm.membershipid = $sql_tbl[customers].pending_membershipid WHERE $sql_tbl[customers].login='$user' AND $sql_tbl[customers].usertype='$usertype'");

	if (!empty($userinfo)) {
		$userinfo['titleid'] = func_detect_title(addslashes($userinfo['title']));
		$userinfo['b_titleid'] = func_detect_title(addslashes($userinfo['b_title']));
		$userinfo['s_titleid'] = func_detect_title(addslashes($userinfo['s_title']));
		$userinfo['title'] = func_get_title($userinfo['titleid']);
		$userinfo['b_title'] = func_get_title($userinfo['b_titleid']);
		$userinfo['s_title'] = func_get_title($userinfo['s_titleid']);
	}

	if ($need_password) {
		$userinfo["passwd1"] = $userinfo["passwd2"] = $userinfo["password"] = text_decrypt($userinfo["password"]);
		if (is_null($userinfo["password"])) {
			x_log_flag("log_decrypt_errors", "DECRYPT", "Could not decrypt password for the user ".$userinfo['login'], true);

		} elseif ($userinfo["password"] !== false) {
			$userinfo["passwd1"] = $userinfo["passwd2"] = stripslashes($userinfo["password"]);
		}
	}

	if ($store_cc && $need_cc) {
		$userinfo["card_number"] = text_decrypt($userinfo["card_number"]);
		if (is_null($userinfo["card_number"])) {
			x_log_flag("log_decrypt_errors", "DECRYPT", " Could not decrypt the field 'Card number' for the user ".$userinfo['login'], true);
		}
	}

	if ($store_cvv2 && $need_cc) {
		$userinfo["card_cvv2"] = text_decrypt($userinfo["card_cvv2"]);
		if (is_null($userinfo["card_cvv2"])) {
			x_log_flag("log_decrypt_errors", "DECRYPT", " Could not decrypt the field 'Card CVV2' for the user ".$userinfo['login'], true);
		}
	}

	list($userinfo["b_address"], $userinfo["b_address_2"]) = split("[\n\r]+", $userinfo["b_address"]);
	$userinfo["b_statename"] = func_get_state($userinfo["b_state"], $userinfo["b_country"]);
	$userinfo["b_countryname"] = func_get_country($userinfo["b_country"]);
	list($userinfo["s_address"], $userinfo["s_address_2"]) = split("[\n\r]+", $userinfo["s_address"]);
	$userinfo["s_statename"] = func_get_state($userinfo["s_state"], $userinfo["s_country"]);
	$userinfo["s_countryname"] = func_get_country($userinfo["s_country"]);
	if ($config["General"]["use_counties"] == "Y") {
		$userinfo["b_countyname"] = func_get_county($userinfo["b_county"]);
		$userinfo["s_countyname"] = func_get_county($userinfo["s_county"]);
	}

	if ($userinfo["usertype"] == "B" && !empty($active_modules["XAffiliate"])) {
		$userinfo["plan_id"] = func_query_first_cell("SELECT plan_id FROM $sql_tbl[partner_commissions] WHERE login = '$userinfo[login]'");
	}

	$email = $userinfo["email"];

	$userinfo['field_sections'] = array();

	# Get additional fields
	$fields = func_query("SELECT $sql_tbl[register_fields].fieldid, $sql_tbl[register_fields].section, $sql_tbl[register_field_values].value FROM $sql_tbl[register_fields] LEFT JOIN $sql_tbl[register_field_values] ON $sql_tbl[register_fields].fieldid = $sql_tbl[register_field_values].fieldid AND $sql_tbl[register_field_values].login = '$user' WHERE ($sql_tbl[register_fields].avail LIKE '%".implode("%' OR $sql_tbl[register_fields].avail LIKE '%", $profile_area)."%') ORDER BY $sql_tbl[register_fields].section, $sql_tbl[register_fields].orderby");
	if (empty($fields)) {
		$userinfo['additional_fields'] = array();
	} else {
		foreach($fields as $k => $v) {
			$fields[$k]['title'] = func_get_languages_alt("lbl_register_field_".$v['fieldid'], $shop_language, true);
			$userinfo['field_sections'][$v['section']] = true;
		}

		$userinfo['additional_fields'] = $fields;
	}

	# Get default fields
	$default_fields = unserialize($config["User_Profiles"]["register_fields"]);
	
	if (empty($default_fields) || !is_array($default_fields)) {
		$default_fields = array();
		if (!empty($default_user_profile_fields) && is_array($default_user_profile_fields)) {
			foreach($default_user_profile_fields as $k => $v) {
				if (is_array($v["avail"])) {
					$field_is_available = false;
					foreach ($profile_area as $a) {
						if ($v["avail"][$a] == 'Y') {
							$field_is_available = true;
							break;
						}
					}

				} else {
					$field_is_available = ($v["avail"] == 'Y' ? true : false);
				}
				
				if ($field_is_available)
					$default_fields[$k] = true;
			}
		}

	} else {
		$tmp = array();
		foreach($default_fields as $k => $v) {
			$found = false;
			foreach ($profile_area as $a) {
				if (strpos($v['avail'], $a) !== false) {
					$found = true;
					break;
				}
			}
			if (!$found)
				continue;

			$tmp[$v['field']] = true;
		}

		$default_fields = $tmp;
		unset($tmp);
	}

	if ($default_fields) {
		if (!$userinfo['field_sections']['P'] && ($default_fields['title'] || $default_fields['firstname'] || $default_fields['lastname'] || $default_fields['company'])) {
			$userinfo['field_sections']['P'] = true;
		}

		if (!$userinfo['field_sections']['B'] && ($default_fields['b_title'] || $default_fields['b_firstname'] || $default_fields['b_lastname'] || $default_fields['b_address'] || $default_fields['b_address_2'] || ($default_fields['b_county'] && $config["General"]["use_counties"] == "Y") || $default_fields['b_state'] || $default_fields['b_city'] || $default_fields['b_country'] || $default_fields['b_zipcode'])) {
			$userinfo['field_sections']['B'] = true;
		}

		if (!$userinfo['field_sections']['S'] && ($default_fields['s_title'] || $default_fields['s_firstname'] || $default_fields['s_lastname'] || $default_fields['s_address'] || $default_fields['s_address_2'] || ($default_fields['s_county'] && $config["General"]["use_counties"] == "Y") || $default_fields['s_state'] || $default_fields['s_city'] || $default_fields['s_country'] || $default_fields['s_zipcode'])) {
			$userinfo['field_sections']['S'] = true;
		}

		if (!$userinfo['field_sections']['C'] && ($default_fields['phone'] || $default_fields['email'] || $default_fields['fax'] || $default_fields['url'])) {
			$userinfo['field_sections']['C'] = true;
		}

		$userinfo['default_fields'] = $default_fields;
	}

	return $userinfo;
}

#
# This function generates username for anonymous customers
#
function func_generate_anonymous_username () {
	global $anonymous_username_prefix;

	return $anonymous_username_prefix.'-'.func_genid("U");
}

#
# This function validate accordance a county ID to a state and country code
#
function func_check_county($countyid, $statecode, $countrycode) {
	global $sql_tbl;

	$return = true;
	if (is_numeric($countyid)) {
		$statecode = addslashes($statecode);
		if (func_query_first_cell("SELECT COUNT(*) FROM $sql_tbl[states] WHERE code='$statecode' AND country_code='$countrycode'") > 0) {
			$return = (func_query_first_cell("SELECT COUNT(*) FROM $sql_tbl[counties], $sql_tbl[states] WHERE $sql_tbl[counties].stateid=$sql_tbl[states].stateid AND $sql_tbl[counties].countyid='$countyid' AND $sql_tbl[states].code='$statecode' AND $sql_tbl[states].country_code='$countrycode'") == 1);
		}
	}

	return $return;
}

#
# This function validate accordance a postal code to a country code
#
function func_check_zip($zipcode, $countrycode) {

	$countrycode = trim($countrycode);
	if (!$zipcode || !$countrycode) return false;

    $curlen = strlen($zipcode);
	
	$zip_code_rules = array();
	$zip_code_rules['AT'][] = 4;
	$zip_code_rules['CA'][] = 6;
	$zip_code_rules['CA'][] = 7;
	$zip_code_rules['CH'][] = 4;
	$zip_code_rules['DE'][] = 5;
	$zip_code_rules['LU'][] = 4;
	$zip_code_rules['US'][] = 5;

	$maxlen = max($zip_code_rules[$countrycode]);

	$zipcode = substr($zipcode,0,$maxlen);

return $zipcode;
}

#
# This function validate accordance a state code to a country code
#
function func_check_state($states, $statecode, $countrycode) {
	$country_flag = $state_flag = false;
	$return = true;
	foreach ($states as $val) {
		if ($val["country_code"] == $countrycode) {
			$country_flag = true;
			if ($val["state_code"] == $statecode)
				$state_flag = true;
		}
	}

	if ($country_flag && !$state_flag)
		$return = false;

	return $return;
}

#
# Get default register fields settings
#
function func_get_default_fields($fields_area) {
	global $config, $default_user_profile_fields;

	$default_fields = unserialize($config["User_Profiles"]["register_fields"]);
	if (!$default_fields) {
		$default_fields = array();
		foreach ($default_user_profile_fields as $k => $v) {
			$default_fields[$k]["title"] = func_get_default_field($k);
			$default_fields[$k]['field'] = $k;
    
			foreach (array("avail", "required") as $fn) {
				if (is_array($v[$fn]) && is_array($fields_area)) {
					foreach ($fields_area as $fa) {
						if ($v[$fn][$fa] == 'Y') {
							$default_fields[$k][$fn] = 'Y';
							break;
						}
					}
    
				} else {
					$default_fields[$k][$fn] = is_array($v[$fn]) ? $v[$fn][$fields_area] : $v[$fn];
				}
			}
		}

	} else {
		$tmp = array();
	    foreach ($default_fields as $k => $v) {
			$is_avail = false;
			$is_required = false;
			if (is_array($fields_area)) {
				foreach ($fields_area as $fa) {
					if (strpos($v['avail'], $fa) !== FALSE)
						$is_avail = true;

					if (strpos($v['required'], $fa) !== FALSE)
						$is_required = true;
				}

			} else {
				$is_avail = strpos($v['avail'], $fields_area) !== FALSE;
				$is_required = strpos($v['required'], $fields_area) !== FALSE;
			}

	        $tmp[$v['field']] = array(
    	        "avail" => $is_avail ? "Y" : "",
        	    "required" => $is_required ? "Y" : "",
            	"title" => func_get_default_field($v['field'])
	        );
    	}

	    $default_fields = $tmp;
    	unset($tmp);
	}

	return $default_fields;
}

#
# Detect available profile areas
#
function func_get_profile_areas($default_fields, $additional_fields = false) {
	$is_areas = array(
		"P" => ($default_fields['title']['avail'] == 'Y' || $default_fields['firstname']['avail'] == 'Y' || $default_fields['lastname']['avail'] == 'Y' || $default_fields['company']['avail'] == 'Y' || $default_fields['ssn']['avail'] == 'Y'),
		"B" => ($default_fields['b_title']['avail'] == 'Y' || $default_fields['b_firstname']['avail'] == 'Y' || $default_fields['b_lastname']['avail'] == 'Y' || $default_fields['b_address']['avail'] == 'Y' || $default_fields['b_address_2']['avail'] == 'Y' || $default_fields['b_city']['avail'] == 'Y' || $default_fields['b_state']['avail'] == 'Y' || $default_fields['b_country']['avail'] == 'Y' || $default_fields['b_zipcode']['avail'] == 'Y' || ($default_fields['b_county']['avail'] == 'Y' && $config['General']['use_counties'] == "Y")),
		"S" => ($default_fields['s_title']['avail'] == 'Y' || $default_fields['s_firstname']['avail'] == 'Y' || $default_fields['s_lastname']['avail'] == 'Y' || $default_fields['s_address']['avail'] == 'Y' || $default_fields['s_address_2']['avail'] == 'Y' || $default_fields['s_city']['avail'] == 'Y' || $default_fields['s_state']['avail'] == 'Y' || $default_fields['s_country']['avail'] == 'Y' || $default_fields['s_zipcode']['avail'] == 'Y' || ($default_fields['s_county']['avail'] == 'Y') && $config['General']['use_counties'] == "Y"),
		"C" => ($default_fields['phone']['avail'] == 'Y' || $default_fields['email']['avail'] == 'Y' || $default_fields['fax']['avail'] == 'Y' || $default_fields['url']['avail'] == 'Y'),
		"A" => false
	);

	if ($additional_fields) {
		foreach ($is_areas as $k => $v) {
			if ($v)
				continue;

			foreach ($additional_fields as $v2) {
				if ($v2['section'] == $k && $v2['avail'] == 'Y') {
					$is_areas[$k] = true;
					break;
				}
			}
		}
	}

	return $is_areas;
}

#
# Get additional register fields settings
#
function func_get_additional_fields($area = '', $user = '') {
	global $sql_tbl, $shop_language;

	if ($area) {
		if (!is_array($area))
			$area = array($area);

		$avail_condition = "($sql_tbl[register_fields].avail LIKE '%".implode("%' OR $sql_tbl[register_fields].avail LIKE '%", $area)."%')";
		$required_condition = "($sql_tbl[register_fields].required LIKE '%".implode("%' OR $sql_tbl[register_fields].required LIKE '%", $area)."%')";

		$fields = func_query("SELECT $sql_tbl[register_fields].*, IF($avail_condition, 'Y', '') as avail, IF($required_condition, 'Y', '') as required, $sql_tbl[register_field_values].value FROM $sql_tbl[register_fields] LEFT JOIN $sql_tbl[register_field_values] ON $sql_tbl[register_fields].fieldid = $sql_tbl[register_field_values].fieldid AND $sql_tbl[register_field_values].login = '$user' ORDER BY $sql_tbl[register_fields].section, $sql_tbl[register_fields].orderby");

	} else {
		$fields = func_query("SELECT * FROM $sql_tbl[register_fields] ORDER BY section, orderby");
	}

	if ($fields) {
		foreach ($fields as $k => $v) {
			$fields[$k]['title'] = func_get_languages_alt("lbl_register_field_".$v['fieldid'], $shop_language);
			if (!$area) {
				$fields[$k]['avail'] = func_keys2hash($v['avail']);
				$fields[$k]['required'] = func_keys2hash($v['required']);

			} elseif ($v['type'] == 'S' && $v['variants']) {
				$fields[$k]['variants'] = @explode(";", $v['variants']);
			}
		}
	}

	return $fields;
}

#
# Get additional register fields settings
#
function func_get_add_contact_fields($area = '') {
	global $sql_tbl, $shop_language, $config;

	if (!empty($area)) {
		$fields = func_query("SELECT *, IF(avail LIKE '%$area%', 'Y', '') as avail, IF(required LIKE '%$area%', 'Y', '') as required FROM $sql_tbl[contact_fields] ORDER BY orderby");
	}
	else {
		$fields = func_query("SELECT * FROM $sql_tbl[contact_fields] ORDER BY orderby");
	}

	if (empty($fields))
		return false;

	foreach ($fields as $k => $v) {
		$fields[$k]['title'] = func_get_languages_alt("lbl_contact_field_".$v['fieldid']);
		if (empty($area)) {
			$fields[$k]['avail'] = func_keys2hash($v['avail']);
			$fields[$k]['required'] = func_keys2hash($v['required']);
		}

		if ($v['type'] == 'S' && !empty($v['variants'])) {
			$v['variants'] = unserialize($v['variants']);
			if (is_array($v['variants']) && !empty($v['variants'])) {
				if (!empty($v['variants'][$shop_language])) {
					$fields[$k]['variants'] = explode(";", $v['variants'][$shop_language]);

				} elseif (!empty($v['variants'][$config['default_customer_language']])) {
					$fields[$k]['variants'] = explode(";", $v['variants'][$config['default_customer_language']]);

				} else {
					$key = key($v['variants']);
					$fields[$k]['variants'] = empty($key) ? array() : explode(";", $v['variants'][$key]);
				}

			} else {
				unset($fields[$k]);
			}
		}
	}

	return $fields;
}

#
# Transform key string to hash-array
#
function func_keys2hash($str) {
	$tmp = array();

	if (strlen($str) == 0)
		return $tmp;

	for ($x = 0; $x < strlen($str); $x++)
		$tmp[$str[$x]] = 'Y';

	return $tmp;
}

?>
